There has been a lot of talk recently about responsible disclosure issues, especially with new developers and glory seekers. The VEL team has its own responsible disclosure code, namely that we won't list any proof of concept or samples. We will only give the bare minimum. All we ask is

Right now there is no machine-readable output format for the Vulnerable Extensions List. This causes a lot of issues when someone tries to find out whether a specific extension is listed on the VEL, for example because he or she wants to do one of the following things:

develop a plugin that automatically sends an email to the site administrator when an installed extension gets listed

add a feature to the built-in installer to warn users when a listed extension is about to be installed

develop a tool for webhosts that allows them to specifically search for vulnerable Joomla installations on their servers

If a person follows these few simple rules the majority of site hacks will not happen.

1.) Use a decent hosting provider. Cheap is not necessarily bad, and expensive is not necessarily good. Do your research. Take a few minutes to search for and read comments and reviews left by other users.

2.) If you don't need it for your site's functionality then don't install it. If you do need it for your site's functionality, take a few minutes to search for and read comments and reviews left by other users of that software to make sure you're not getting more than you bargained for by installing the software.

Recently it was pointed out that people apparently had no clear way of asking questions of the VEL team or discussing vulnerable extension reports.

We pointed out the Facebook fan page facebook.com/velteam, as we felt that the Slack site used by most people was not open or intuitive enough. It also had a limit on the number of discussion topics it shows live. Therefore, in addition to our Facebook fan page, we have decided to create a form called AskVel: http://bit.ly/askteamvel

You can freely ask a question and hopefully, if we know the answer, we will post it on vel.joomla.org as an FAQ and possibly run it in the JCM.